US11696133B2 - Method and system for provisioning device specific WLAN credentials - Google Patents
Method and system for provisioning device specific WLAN credentials Download PDFInfo
- Publication number
- US11696133B2 US11696133B2 US16/281,783 US201916281783A US11696133B2 US 11696133 B2 US11696133 B2 US 11696133B2 US 201916281783 A US201916281783 A US 201916281783A US 11696133 B2 US11696133 B2 US 11696133B2
- Authority
- US
- United States
- Prior art keywords
- electronic device
- network
- mac address
- credential
- certificate
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active, expires
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
- H04W12/069—Authentication using certificates or pre-shared keys
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0803—Configuration setting
- H04L41/0806—Configuration setting for initial configuration or provisioning, e.g. plug-and-play
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0803—Configuration setting
- H04L41/0813—Configuration setting characterised by the conditions triggering a change of settings
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/50—Address allocation
- H04L61/5038—Address allocation for local use, e.g. in LAN or USB networks, or in a controller area network [CAN]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/60—Context-dependent security
- H04W12/69—Identity-dependent
- H04W12/71—Hardware identity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/60—Context-dependent security
- H04W12/69—Identity-dependent
- H04W12/72—Subscriber identity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2101/00—Indexing scheme associated with group H04L61/00
- H04L2101/60—Types of network addresses
- H04L2101/618—Details of network addresses
- H04L2101/622—Layer-2 addresses, e.g. medium access control [MAC] addresses
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W8/00—Network data management
- H04W8/22—Processing or transfer of terminal data, e.g. status or physical capabilities
- H04W8/24—Transfer of terminal data
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W84/00—Network topologies
- H04W84/02—Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
- H04W84/10—Small scale networks; Flat hierarchical networks
- H04W84/12—WLAN [Wireless Local Area Networks]
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/70—Reducing energy consumption in communication networks in wireless communication networks
Definitions
- the present disclosure relates to electronic devices, and in particular relates to a connection to Wi-Fi networks from electronic devices.
- an electronic device may either use passive scanning or active scanning.
- Passive scanning involves the device listening for beacon signals from the Wi-Fi connection points.
- this technique is typically slow and requires the electronic device's receiver be on for an extended period, which may waste battery life on a portable electronic device.
- Active scanning involves the electronic device sending out a request to find connection points. Such requests typically include the Media Access Control (MAC) address of the electronic device. Since active scanning is better for battery life, portable electronic devices tend to use this technique. Further, other Wi-Fi signaling may also include the MAC address.
- MAC Media Access Control
- a MAC address is an identifier which is considered to be globally unique. Such address is part of the data link layer and is used as a network address for most Institute for Electrical and Electronics Engineers (IEEE) 802 protocols. Because the MAC address is essentially unique, remains the same value over a long period of time, and is present in the header of every frame, it can be used for tracking a particular user. Specifically, passive receivers can look for active scanning signals or other Wi-Fi messaging, and note the MAC addresses within these signals. If a plurality of such passive receivers is located around a facility such as an airport or shopping mall, this would provide information on where a user has been, how long the user was there, among similar information. Further, if the MAC address is somehow paired or correlated with a user identity, this could further invade the user's privacy.
- IEEE Institute for Electrical and Electronics Engineers
- Wi-Fi network operators generally assume a Wi-Fi client uses the same MAC address every time it connects to the network. Therefore, the changing of MAC addresses could lead to inaccurate or inflated billing, or the inability to login to a network on which the device was previously authorized.
- FIG. 1 is a block diagram showing an example system in which a plurality of Wi-Fi clients is connecting through an access point to infrastructure elements;
- FIG. 2 is a dataflow diagram showing mapping between local MAC addresses and a unique identifier
- FIG. 3 is a dataflow diagram showing device provisioning protocol messaging between a configurator and an enrollee which includes an attribute set;
- FIG. 4 is a block diagram of a simplified electronic device capable of being used with the methods and systems herein according to one embodiment.
- FIG. 5 is a block diagram of a mobile device according to one embodiment.
- the present disclosure provides a method at an electronic device, the method comprising: initiating authentication with a network through a network element; providing a configuration request, the configuration request including an attribute set for the electronic device; and receiving a configuration response, the configuration response including a certificate or credential for future authentication with the network.
- the present disclosure further provides an electronic device comprising: a processor; and a communications subsystem, wherein the electronic device is configured to: initiate authentication with a network through a network element; provide a configuration request, the configuration request including an attribute set for the electronic device; and receive a configuration response, the configuration response including a certificate or credential for future authentication with the network.
- the present disclosure further provides a computer readable medium for storing instruction code, which, when executed by a processor of an electronic device cause the electronic device to: initiate authentication with a network through a network element; provide a configuration request, the configuration request including an attribute set for the electronic device; and receive a configuration response, the configuration response including a certificate or credential for future authentication with the network.
- a Wi-Fi network operator can use the Wi-Fi client MAC address to collect diagnostics on connectivity issues; to track how long a Wi-Fi client is connected to a network over a period of time, for example to address time-based billing; to track how much data is transmitted between the Wi-Fi infrastructure and the Wi-Fi client over a period of time to address data limits; and to collect information on how many Wi-Fi clients a user may use in connecting to a network.
- a Wi-Fi client device chooses a random MAC address, or changes its MAC address based on a non-random scheme, such as a MAC address change protocol, that MAC address may change each time the device connects to a network. If the network operator uses the Wi-Fi client MAC address to monitor, limit or bill time-based or traffic-based network access, the network operator cannot track the activity or billing on a device across the different connections.
- a non-random scheme such as a MAC address change protocol
- a user may have multiple devices, and the network operator may have a business need to track which of the user's devices are operating on its network. This involves a network operator maintaining a device to user account mapping, and user accounts having the ability to have more than one device, possibly with limits. The assumption is such account mapping being that each unique device has a unique MAC address.
- Wi-Fi client uses the same MAC address every time it connects or reconnects to a network.
- MAC address randomization or MAC address change protocols are used, then a Wi-Fi client changes its MAC address and network information about that Wi-Fi client's connectivity is terminated for the old MAC address and started afresh for the new MAC address.
- Such information may include, for example data activity or billing.
- information on the Wi-Fi client credentials can be exchanged with the network to uniquely identify the Wi-Fi client when it connects to the network.
- Such credentials can be derived from an attribute set initially shared with the network, which could include one or any combination of the following:
- the unique identifier may only be unique to a particular class of device.
- the manufacturing or owner information may be tied to a particular kind of device such as a serial number tied to a particular piece of hardware.
- the Wi-Fi class may, for example, indicate that the type of device is a laptop, cell phone, or wearable, among other information.
- the device class may, for example, indicate that the type of device is a vehicle, bicycle, aircraft, road side unit, or an Internet of Things (IoT) device, among other information.
- IoT Internet of Things
- the attribute set is negotiated between the network provider and the user's electronic device when the Wi-Fi client is provisioned for network access.
- the attribute set, or a portion thereof, is then transmitted as part of the credential when the Wi-Fi client associates to the network.
- a device may comprise multiple attribute sets. For example, this may occur when a device supports multiple Wi-Fi clients.
- the network operator establishes a binding, using the attribute set, so that as each device changes its MAC address, the plurality of devices can be tracked to the same user.
- a user 110 may have one or more of devices associated with the user.
- a user 110 has a mobile device 112 , a tablet device 114 , and a smart watch device 116 .
- the embodiment of FIG. 1 is not limiting, and in some cases user 110 could have a different device or a subset of devices.
- user 110 may be associated with an electronic device such as a laptop computer, desktop computer, Internet appliance, among other such devices.
- the embodiments of the present disclosure may be used without a user 110 .
- a device may be an IoT device that is not associated with any particular user.
- any device associated with a user or operating autonomously from a user may be referred to as an electronic device.
- an electronic device is generally referred to herein as a Wi-Fi client.
- the Wi-Fi client will typically communicate with an access point 120 .
- the access point 120 provides network connectivity to a network 122 .
- the network 122 may, in some cases, be the Internet. However, in other cases, the network 122 may be any local or wide area network.
- the network has a set of logical services to facilitate network connectivity and perform network management.
- the logical services include configuration, authentication and network operations, which could in some cases all be performed by the same server, or in other cases be performed by separate servers.
- a configuration server 130 provides a means to provision an electronic device with a credential.
- An authentication server 132 authenticates devices when they connect to the network based on credentials provided by the configuration server 130 .
- a network operations server 134 provides billing, accounting, network monitoring, and policy enforcement for an electronic device once it establishes network access.
- an un-provisioned device communicates with the configuration server 130 either directly or through a provisioning network.
- the un-provisioned device provides credential attributes to the configuration server 130 .
- the configuration server 130 includes some or all of the attributes as part of a credential and passes that information back to the electronic device to complete the configuration.
- an electronic device at 210 communicates with an access point 212 . Further, an authentication server 214 and a network operations server 216 operate as described below.
- the electronic device 210 discovers and connects to the access point 212 , as shown with arrows 220 and 222 .
- An authentication process is then started, as shown with arrows 230 and 232 .
- the electronic device 210 passes its credential attributes to the authentication server 214 through the access point 212 .
- the authentication server 214 passes the credential attributes to the network operations server 216 , as shown by arrow 240 .
- the credential attributes may, for example, include a unique identifier, such as a global MAC address for the device, or may include any of the other attributes described above.
- the network operations server 216 creates a mapping of the credential attributes to the identifier of electronic device that was used for the connection and association, as shown by block 242 .
- the network operations server 216 uses the MAC address/credential mappings for billing, and monitoring, and network policy enforcement. Messages to enable these features are shown by arrow 250 .
- a Device Provisioning Protocol may be used for credential provisioning and network access.
- the electronic device may be referred to as the “enrollee” and the configuration server may be referred to as the “configurator”.
- the access point may become the authentication server, as well as the network operations server.
- the enrollee includes the attribute set of the Wi-Fi client as an attribute within the configuration request. Specifically, reference is now made to FIG. 3 .
- a mechanism is provided to assign the attribute set as part of the DPP provisioning sequence.
- the MAC address would be assigned as part of the configuration object. In some cases, the entire MAC address or a subset of the MAC address such as the upper bytes could be assigned.
- the assigned MAC address is stored and used for all connections in the future for that network.
- a configurator 310 communicates with enrollee 312 .
- the DPP authentication mechanism is shown with arrow 320 . This DPP authentication mechanism is similar to the DPP authentication mechanism performed currently between the enrollee and a configurator.
- the enrollee 312 may then generate a new DPP configuration request 322 .
- the DPP configuration request 322 includes a new attribute set for the enrollee 312 .
- the new attribute set may include the attributes described above with regard to the electronic device. Specifically, the attribute set may contain one or more of: a Global MAC address or portion thereof; a unique identifier; manufacturing or owner information; and/or a Wi-Fi class; among other information.
- the DPP configuration request with the new attribute set is received at the configurator 310 .
- the configurator may then form a unique certificate for that Wi-Fi client, as shown at block 324 .
- the unique certificate could be formed utilizing a hash of the identifier (or portion of the identifier) utilizing a SHA-256 into a root certificate in one embodiment.
- other methodology for creating a unique certificate given the received attributes would be apparent to those skilled in the art.
- the configurator 310 may generate a credential rather than, or in addition to, a certificate at block 324 .
- the credential may be a public key/private key pair that is provided to the enrollee.
- the configurator 310 On generation of the certificate and/or credential, the configurator 310 returns a DPP configuration response 330 .
- the DPP configuration response 330 includes the new certificate and/or the new credential.
- the certificate and/or credential received in the DPP configuration response may be stored by the enrollee 312 and used for future connections to the network. Further, if a user has a plurality of devices, in some cases the certificate and/or credential can be distributed to those other devices. The storing and/or distribution are shown with block 332 in FIG. 3 .
- the Wi-Fi infrastructure can quickly recognize the Wi-Fi client when the device authenticates using the certificate and/or credential.
- policies could be implemented for the enrollee 312 .
- the policies could be based on the attribute information received in message 322 .
- policies could then be enforced within the network based on the use of the certificate and/or credential in future connections.
- the credential contains a set of attributes which could include a global MAC address or a hash of such global MAC address, a unique identifier for the device, manufacturing information for the device, among other information. These attributes may be negotiated between the network provider and the user or electronic device when the electronic device is provisioned for network access. The attributes, or a subset thereof, are transmitted as part of the credential when the device associates to the network.
- the servers and electronic devices performing the methods described above may be any electronic device or network node.
- Such electronic device or network node may include any type of computing device, including but not limited to, mobile devices such as smartphones or cellular telephones. Examples can further include fixed or mobile user equipments, such as internet of things (IoT) devices, endpoints, home automation devices, medical equipment in hospital or home environments, inventory tracking devices, environmental monitoring devices, energy management devices, infrastructure management devices, vehicles or devices for vehicles, fixed electronic devices, among others.
- IoT internet of things
- Vehicles includes motor vehicles (e.g., automobiles, cars, trucks, buses, motorcycles, etc.), aircraft (e.g., airplanes, unmanned aerial vehicles, unmanned aircraft systems, drones, helicopters, etc.), spacecraft (e.g., spaceplanes, space shuttles, space capsules, space stations, satellites, etc.), watercraft (e.g., ships, boats, hovercraft, submarines, etc.), railed vehicles (e.g., trains and trams, etc.), pedestrians and bicycles and other types of vehicles including any combinations of any of the foregoing, whether currently existing or after arising.
- motor vehicles e.g., automobiles, cars, trucks, buses, motorcycles, etc.
- aircraft e.g., airplanes, unmanned aerial vehicles, unmanned aircraft systems, drones, helicopters, etc.
- spacecraft e.g., spaceplanes, space shuttles, space capsules, space stations, satellites, etc.
- watercraft e.g., ships, boats, hovercraft
- FIG. 4 One simplified diagram of a server or an electronic device is shown with regard to FIG. 4 .
- device 410 includes a processor 420 and a communications subsystem 430 , where the processor 420 and communications subsystem 430 cooperate to perform the methods of the embodiments described above.
- Communications subsystem 420 may, in some embodiments, comprise multiple subsystems, for example for different radio technologies.
- Processor 420 is configured to execute programmable logic, which may be stored, along with data, on device 410 , and shown in the example of FIG. 4 as memory 440 .
- Memory 440 can be any tangible, non-transitory computer readable storage medium.
- the computer readable storage medium may be a tangible or in transitory/non-transitory medium such as optical (e.g., CD, DVD, etc.), magnetic (e.g., tape), flash drive, hard drive, or other memory known in the art.
- device 410 may access data or programmable logic from an external storage medium, for example through communications subsystem 430 .
- Communications subsystem 430 allows device 410 to communicate with other devices or network elements and may vary based on the type of communication being performed. Further, communications subsystem 430 may comprise a plurality of communications technologies, including any wired or wireless communications technology.
- Communications between the various elements of device 410 may be through an internal bus 460 in one embodiment. However, other forms of communication are possible.
- the electronic device has user equipment capabilities, one example electronic device is described below with regard to FIG. 5 .
- Electronic device 500 includes a communication subsystem 540 .
- Communication subsystem 540 includes Wi-Fi communications capabilities, typically by including a Wi-Fi chipset, and may further include other communications systems including WiMAX or near field communications, among others.
- electronic device 500 may comprise a two-way wireless communication device having voice or data communication capabilities or both.
- Electronic device 500 may have the capability to communicate with other computer systems.
- the electronic device may also be referred to as a data messaging device, a two-way pager, a wireless e-mail device, a smartphone, a cellular telephone with data messaging capabilities, a wireless Internet appliance, a wireless device, a mobile device, an embedded cellular modem or a data communication device, as examples.
- electronic device 500 may incorporate a communication subsystem 511 , including a receiver 512 and a transmitter 514 , as well as associated components such as one or more antenna elements 516 and 518 , local oscillators (LOs) 513 , and a processing module such as a digital signal processor (DSP) 520 .
- a communication subsystem 511 including a receiver 512 and a transmitter 514 , as well as associated components such as one or more antenna elements 516 and 518 , local oscillators (LOs) 513 , and a processing module such as a digital signal processor (DSP) 520 .
- DSP digital signal processor
- Network access requirements will also vary depending upon the type of network 519 .
- network access is associated with a subscriber or user of the electronic device 500 .
- An electronic device may require an embedded or a removable user identity module (RUIM) or a subscriber identity module (SIM) card or a UMTS SIM (USIM) in order to operate on a network.
- the USIM/SIM/RUIM interface 544 is normally similar to a card-slot into which a USIM/SIM/RUIM card can be inserted and ejected.
- the USIM/SIM/RUIM card can have memory and hold many key configurations 551 , and other information 553 such as identification, and subscriber related information.
- electronic device 500 may send and receive communication signals over the network 519 .
- network 519 can include multiple base stations communicating with the mobile device.
- Signals received by antenna 516 through communication network 519 are input to receiver 512 , which may perform such common receiver functions as signal amplification, frequency down conversion, filtering, channel selection and the like.
- Analog to digital (A/D) conversion of a received signal allows more complex communication functions such as demodulation and decoding to be performed in the DSP 520 .
- signals to be transmitted are processed, including modulation and encoding for example, by DSP 520 and input to transmitter 514 for digital to analog (D/A) conversion, frequency up conversion, filtering, amplification and transmission over the communication network 519 via antenna 518 .
- DSP 520 not only processes communication signals, but also provides for receiver and transmitter control. For example, the gains applied to communication signals in receiver 512 and transmitter 514 may be adaptively controlled through automatic gain control algorithms implemented in DSP 520 .
- Electronic device 500 generally includes a processor 538 which controls the overall operation of the device. Communication functions, including data and voice communications, are performed through communication subsystem 511 . Processor 538 also interacts with further device subsystems such as the display 522 , flash memory 524 , random access memory (RAM) 526 , auxiliary input/output (I/O) subsystems 528 , serial port 530 , one or more keyboards or keypads 532 , speaker 534 , microphone 536 , other communication subsystem 540 such as a short-range communications subsystem or DSRC subsystem, and any other device subsystems generally designated as 542 .
- Serial port 530 could include a USB port, On-Board Diagnostics (OBD) port or other port known to those in the art.
- OBD On-Board Diagnostics
- Some of the subsystems shown in FIG. 5 perform communication-related functions, whereas other subsystems may provide “resident” or on-device functions.
- some subsystems such as keyboard 532 and display 522 , for example, may be used for both communication-related functions, such as entering a text message for transmission over a communication network, and device-resident functions such as a calculator or task list.
- Operating system software used by the processor 538 may be stored in a persistent store such as flash memory 524 , which may instead be a read-only memory (ROM) or similar storage element (not shown).
- ROM read-only memory
- Those skilled in the art will appreciate that the operating system, specific device applications, or parts thereof, may be temporarily loaded into a volatile memory such as RAM 526 .
- Received communication signals may also be stored in RAM 526 .
- flash memory 524 can be segregated into different areas for both computer programs 558 and program data storage 550 , 552 , 554 and 556 . These different storage types indicate that each program can allocate a portion of flash memory 524 for their own data storage requirements.
- Processor 538 in addition to its operating system functions, may enable execution of software applications on the electronic device. A predetermined set of applications that control basic operations, including potentially data and voice communication applications for example, will normally be installed on electronic device 500 during manufacturing. Other applications could be installed subsequently or dynamically.
- the computer readable storage medium may be a tangible or in transitory/non-transitory medium such as optical (e.g., CD, DVD, etc.), magnetic (e.g., tape) or other memory known in the art.
- One software application may be a personal information manager (PIM) application having the ability to organize and manage data items relating to the user of the electronic device such as, but not limited to, e-mail, messages, calendar events, voice mails, appointments, and task items.
- Further applications including productivity applications, messaging applications, social media applications, games, among others, may also be loaded onto the electronic device 500 through the network 519 , an auxiliary I/O subsystem 528 , serial port 530 , short-range communications subsystem 540 or any other suitable subsystem 542 , and installed by a user in the RAM 526 or a non-volatile store (not shown) for execution by the processor 538 .
- Such flexibility in application installation increases the functionality of the device and may provide enhanced on-device functions, communication-related functions, or both.
- a received signal such as a text message or web page download will be processed by the communication subsystem 511 and input to the processor 538 , which may further process the received signal for output to the display 522 , or alternatively to an auxiliary I/O device 528 .
- a user of electronic device 500 may also compose data items such as messages for example, using the keyboard 532 , which may be a complete alphanumeric keyboard or telephone-type keypad, either physical or virtual, among others, in conjunction with the display 522 and possibly an auxiliary I/O device 528 . Such composed items may then be transmitted over a communication network through the communication subsystem 511 .
- voice communications are provided, overall operation of electronic device 500 is similar, except that received signals may typically be output to a speaker 534 and signals for transmission may be generated by a microphone 536 .
- Alternative voice or audio I/O subsystems such as a voice message recording subsystem, may also be implemented on electronic device 500 .
- voice or audio signal output is preferably accomplished primarily through the speaker 534
- display 522 may also be used to provide an indication of the identity of a calling party, the duration of a voice call, or other voice call related information for example.
- Serial port 530 in FIG. 5 may be implemented in an electronic device for which synchronization with a user's desktop computer (not shown) may be desirable, but is an optional device component. Such a port 530 may enable a user to set preferences through an external device or software application and may extend the capabilities of electronic device 500 by providing for information or software downloads to electronic device 500 other than through a wireless communication network. As will be appreciated by those skilled in the art, serial port 530 can further be used to connect the electronic device to a computer to act as a modem or for charging a battery on the electronic device.
- subsystems 540 may further provide for communication between electronic device 500 and different systems or devices, which need not necessarily be similar devices.
- the subsystem 540 may include an infrared device and associated circuits and components or a BluetoothTM or BluetoothTM Low Energy communication module to provide for communication with similarly enabled systems and devices.
- Such operations may not be immediate or from the server directly. They may be synchronously or asynchronously delivered, from a server or other computing system infrastructure supporting the devices/methods/systems described herein. The foregoing steps may include, in whole or in part, synchronous/asynchronous communications to/from the device/infrastructure. Moreover, communication from the electronic device may be to one or more endpoints on a network. These endpoints may be serviced by a server, a distributed computing system, a stream processor, etc. Content Delivery Networks (CDNs) may also provide may provide communication to an electronic device.
- CDNs Content Delivery Networks
- the server may also provision or indicate a data for content delivery network (CDN) to await download by the electronic device at a later time, such as a subsequent activity of electronic device.
- CDN content delivery network
- data may be sent directly from the server, or other infrastructure, such as a distributed infrastructure, or a CDN, as part of or separate from the system.
- storage mediums can include any or some combination of the following: a semiconductor memory device such as a dynamic or static random access memory (a DRAM or SRAM), an erasable and programmable read-only memory (EPROM), an electrically erasable and programmable read-only memory (EEPROM) and flash memory; a magnetic disk such as a fixed, floppy and removable disk; another magnetic medium including tape; an optical medium such as a compact disk (CD) or a digital video disk (DVD); or another type of storage device.
- a semiconductor memory device such as a dynamic or static random access memory (a DRAM or SRAM), an erasable and programmable read-only memory (EPROM), an electrically erasable and programmable read-only memory (EEPROM) and flash memory
- a magnetic disk such as a fixed, floppy and removable disk
- another magnetic medium including tape an optical medium such as a compact disk (CD) or a digital video disk (DVD); or another type of storage device.
- CD compact disk
- DVD
- Such computer-readable or machine-readable storage medium or media is (are) considered to be part of an article (or article of manufacture).
- An article or article of manufacture can refer to any manufactured single component or multiple components.
- the storage medium or media can be located either in the machine running the machine-readable instructions, or located at a remote site from which machine-readable instructions can be downloaded over a network for execution.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Power Engineering (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
Description
-
- a. a global MAC address (or a hash of the global MAC address);
- b. a unique identifier;
- c. manufacturing (or owner) information; for example, this information could include details on network operators, Wi-Fi operators, carrier operators, network equipment manufacturers, equipment vendors, among other such information;
- d. a Wi-Fi client class; and/or
- e. a device class.
Claims (13)
Priority Applications (6)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US16/281,783 US11696133B2 (en) | 2019-02-21 | 2019-02-21 | Method and system for provisioning device specific WLAN credentials |
EP19916416.1A EP3928548A4 (en) | 2019-02-21 | 2019-10-29 | Method and system for provisioning device specific wlan credentials |
CN201980092792.0A CN113455033B (en) | 2019-02-21 | 2019-10-29 | Method and system for provisioning device-specific WLAN credentials |
PCT/CA2019/051519 WO2020168410A1 (en) | 2019-02-21 | 2019-10-29 | Method and system for provisioning device specific wlan credentials |
CA3126867A CA3126867A1 (en) | 2019-02-21 | 2019-10-29 | Method and system for provisioning device specific wlan credentials |
US18/319,956 US20230292126A1 (en) | 2019-02-21 | 2023-05-18 | Method and system for provisioning device specific wlan credentials |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US16/281,783 US11696133B2 (en) | 2019-02-21 | 2019-02-21 | Method and system for provisioning device specific WLAN credentials |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US18/319,956 Continuation US20230292126A1 (en) | 2019-02-21 | 2023-05-18 | Method and system for provisioning device specific wlan credentials |
Publications (2)
Publication Number | Publication Date |
---|---|
US20200275272A1 US20200275272A1 (en) | 2020-08-27 |
US11696133B2 true US11696133B2 (en) | 2023-07-04 |
Family
ID=72140822
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US16/281,783 Active 2040-06-27 US11696133B2 (en) | 2019-02-21 | 2019-02-21 | Method and system for provisioning device specific WLAN credentials |
US18/319,956 Pending US20230292126A1 (en) | 2019-02-21 | 2023-05-18 | Method and system for provisioning device specific wlan credentials |
Family Applications After (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US18/319,956 Pending US20230292126A1 (en) | 2019-02-21 | 2023-05-18 | Method and system for provisioning device specific wlan credentials |
Country Status (5)
Country | Link |
---|---|
US (2) | US11696133B2 (en) |
EP (1) | EP3928548A4 (en) |
CN (1) | CN113455033B (en) |
CA (1) | CA3126867A1 (en) |
WO (1) | WO2020168410A1 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20230006967A1 (en) * | 2021-06-30 | 2023-01-05 | Fortinet, Inc. | Machine learning capable mac filtering for enforcing edge security over mac randomization in wlan networks |
Families Citing this family (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11979403B2 (en) | 2021-05-27 | 2024-05-07 | Cisco Technology, Inc. | Token-based device tracking |
US12081988B2 (en) * | 2021-06-23 | 2024-09-03 | Cisco Technology, Inc. | Authentication service with address rotation support |
US20230084235A1 (en) * | 2021-09-13 | 2023-03-16 | Cisco Technology, Inc. | Concealing low power mobile device address during advertisement |
US20230292105A1 (en) * | 2022-03-09 | 2023-09-14 | RAB Lighting Inc. | Rapid provisioning of wireless local area network devices |
US11902246B2 (en) * | 2022-04-28 | 2024-02-13 | Cisco Technology, Inc. | Central scheduling for enterprise wireless randomizing changing/rotating MAC address |
Citations (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070280207A1 (en) * | 2004-03-03 | 2007-12-06 | Mitsubishi Electric Corporation | Layer 2 Switch Network System |
US20170149799A1 (en) * | 2015-11-20 | 2017-05-25 | Qualcomm Incorporated | Secure fine timing measurement protocol |
US20170257819A1 (en) | 2016-03-02 | 2017-09-07 | Blackberry Limited | Provisioning a device in a network |
US20170289157A1 (en) * | 2014-09-17 | 2017-10-05 | Microsoft Technology Licensing, Llc | Establishing trust between two devices |
US20180109418A1 (en) * | 2016-10-19 | 2018-04-19 | Qualcomm Incorporated | Device provisioning protocol (dpp) using assisted bootstrapping |
US20180248871A1 (en) * | 2017-02-24 | 2018-08-30 | Red Hat, Inc. | Enhancing privacy of network connections |
US20180352487A1 (en) * | 2016-08-03 | 2018-12-06 | Telefonaktiebolaget Lm Ericsson (Publ) | Method, device and computer program for primary cell change |
US10169587B1 (en) * | 2018-04-27 | 2019-01-01 | John A. Nix | Hosted device provisioning protocol with servers and a networked initiator |
US20190149987A1 (en) * | 2017-11-10 | 2019-05-16 | Amazon Technologies, Inc. | Secondary device setup |
US20210036988A1 (en) * | 2019-07-29 | 2021-02-04 | Cable Television Laboratories, Inc | Systems and methods for obtaining permanent mac addresses |
US20210266735A1 (en) * | 2018-06-29 | 2021-08-26 | Nokia Technologies Oy | Methods, device and computer-readable medium for protecting mac addresses |
US20210345099A1 (en) * | 2015-07-06 | 2021-11-04 | Hewlett Packard Enterprise Development Lp | Infrastructure coordinated media access control address assignment |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8713589B2 (en) * | 2010-12-23 | 2014-04-29 | Microsoft Corporation | Registration and network access control |
US9549318B2 (en) * | 2013-10-10 | 2017-01-17 | Shaw Cablesystems G.P. | System and method for delayed device registration on a network |
US11765154B2 (en) * | 2016-07-26 | 2023-09-19 | Verizon Patent And Licensing Inc. | Securely provisioning a service to a customer equipment |
EP3618383A1 (en) * | 2018-08-30 | 2020-03-04 | Koninklijke Philips N.V. | Non-3gpp device access to core network |
US11483708B2 (en) * | 2019-02-20 | 2022-10-25 | Apple Inc. | Network access tokens for accessories |
-
2019
- 2019-02-21 US US16/281,783 patent/US11696133B2/en active Active
- 2019-10-29 WO PCT/CA2019/051519 patent/WO2020168410A1/en active Search and Examination
- 2019-10-29 CN CN201980092792.0A patent/CN113455033B/en active Active
- 2019-10-29 EP EP19916416.1A patent/EP3928548A4/en active Pending
- 2019-10-29 CA CA3126867A patent/CA3126867A1/en active Pending
-
2023
- 2023-05-18 US US18/319,956 patent/US20230292126A1/en active Pending
Patent Citations (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070280207A1 (en) * | 2004-03-03 | 2007-12-06 | Mitsubishi Electric Corporation | Layer 2 Switch Network System |
US20170289157A1 (en) * | 2014-09-17 | 2017-10-05 | Microsoft Technology Licensing, Llc | Establishing trust between two devices |
US20170302666A1 (en) * | 2014-09-17 | 2017-10-19 | Microsoft Technology Licensing, Llc | Establishing trust between two devices |
US20210345099A1 (en) * | 2015-07-06 | 2021-11-04 | Hewlett Packard Enterprise Development Lp | Infrastructure coordinated media access control address assignment |
US20170149799A1 (en) * | 2015-11-20 | 2017-05-25 | Qualcomm Incorporated | Secure fine timing measurement protocol |
US20170257819A1 (en) | 2016-03-02 | 2017-09-07 | Blackberry Limited | Provisioning a device in a network |
US20180352487A1 (en) * | 2016-08-03 | 2018-12-06 | Telefonaktiebolaget Lm Ericsson (Publ) | Method, device and computer program for primary cell change |
US20180109418A1 (en) * | 2016-10-19 | 2018-04-19 | Qualcomm Incorporated | Device provisioning protocol (dpp) using assisted bootstrapping |
US20180248871A1 (en) * | 2017-02-24 | 2018-08-30 | Red Hat, Inc. | Enhancing privacy of network connections |
US20190149987A1 (en) * | 2017-11-10 | 2019-05-16 | Amazon Technologies, Inc. | Secondary device setup |
US10169587B1 (en) * | 2018-04-27 | 2019-01-01 | John A. Nix | Hosted device provisioning protocol with servers and a networked initiator |
US20210266735A1 (en) * | 2018-06-29 | 2021-08-26 | Nokia Technologies Oy | Methods, device and computer-readable medium for protecting mac addresses |
US20210036988A1 (en) * | 2019-07-29 | 2021-02-04 | Cable Television Laboratories, Inc | Systems and methods for obtaining permanent mac addresses |
Non-Patent Citations (4)
Title |
---|
Patent Cooperation Treaty International Search Report for Application No. PCT/CA2019/051519, dated Jan. 31, 2020 (3 pages). |
Patent Cooperation Treaty International Searching Authority, Written Opinion of the International Searching Authority for Application No. PCT/CA2019/051519, dated Jan. 31, 2020 (6 pages). |
Supplementary European Search Report, EP Application No. 19916416.1, dated Oct. 12, 2022. |
WiFi Alliance, "Device Provisioning Protocol Specification version 1.1", 2018, pp. 1-124. |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20230006967A1 (en) * | 2021-06-30 | 2023-01-05 | Fortinet, Inc. | Machine learning capable mac filtering for enforcing edge security over mac randomization in wlan networks |
Also Published As
Publication number | Publication date |
---|---|
CA3126867A1 (en) | 2020-08-27 |
EP3928548A1 (en) | 2021-12-29 |
EP3928548A4 (en) | 2022-11-09 |
US20200275272A1 (en) | 2020-08-27 |
US20230292126A1 (en) | 2023-09-14 |
WO2020168410A1 (en) | 2020-08-27 |
CN113455033A (en) | 2021-09-28 |
CN113455033B (en) | 2024-05-03 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11696133B2 (en) | Method and system for provisioning device specific WLAN credentials | |
US10492045B2 (en) | Dynamic provisioning of device configuration files for electronic subscriber identity modules | |
US10397771B2 (en) | Techniques for provisioning bootstrap electronic subscriber identity modules (eSIMS) to mobile devices | |
EP2587852B1 (en) | System and method for wireless device configuration | |
US10178238B2 (en) | Method and system for dynamic cellular networking activation for virtual SIM service | |
EP3512227B1 (en) | Method and system for securely provisioning a remote device | |
US20190158653A1 (en) | Mobile communication device with a plurality of applications activatable via a pin | |
WO2022176426A1 (en) | Server, request entity, and method therefor | |
US12041443B2 (en) | Integrity for mobile network data storage | |
EP4278312A1 (en) | Enterprise subscription management | |
CN110392076B (en) | Method, device and storage medium for vehicle-to-any V2X communication | |
US10667124B2 (en) | System and method for providing service license aggregation across multiple physical and virtual sim cards | |
US11096021B2 (en) | ESIM profile management by multiple business support systems | |
US20230084955A1 (en) | Activation of One of a Maximum Number of Communication Profiles Associated With a User | |
US20230232209A1 (en) | Method of Providing a Communication Function in a User Equipment | |
US20240224022A1 (en) | Relationship entity management systems and methods for telecommunications network user equipment | |
EP4395391A1 (en) | User equipment clusters for network registration and authentication | |
US20240276201A1 (en) | System and method for restoring an esim profile | |
CN118176759A (en) | Authentication between a wireless device and an edge server | |
CN116830654A (en) | UE ID opening |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
FEPP | Fee payment procedure |
Free format text: ENTITY STATUS SET TO UNDISCOUNTED (ORIGINAL EVENT CODE: BIG.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY |
|
AS | Assignment |
Owner name: BLACKBERRY LIMITED, ONTARIO Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:MONTEMURRO, MICHAEL PETER;LEPP, JAMES RANDOLPH WINTER;SIGNING DATES FROM 20190227 TO 20190304;REEL/FRAME:048727/0045 Owner name: BLACKBERRY UK LIMITED, UNITED KINGDOM Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:MCCANN, STEPHEN;REEL/FRAME:048727/0105 Effective date: 20190319 |
|
AS | Assignment |
Owner name: BLACKBERRY LIMITED, ONTARIO Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:BLACKBERRY UK LIMITED;REEL/FRAME:049887/0167 Effective date: 20190725 |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: NON FINAL ACTION MAILED |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: FINAL REJECTION MAILED |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: RESPONSE AFTER FINAL ACTION FORWARDED TO EXAMINER |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: ADVISORY ACTION MAILED |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: NON FINAL ACTION MAILED |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: FINAL REJECTION MAILED |
|
STCF | Information on status: patent grant |
Free format text: PATENTED CASE |
|
AS | Assignment |
Owner name: MALIKIE INNOVATIONS LIMITED, IRELAND Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:BLACKBERRY LIMITED;REEL/FRAME:064104/0103 Effective date: 20230511 |